Jira, Atlassian's hugely popular issue-tracking software allows developers to collaborate on development tasks. Developers spend a lot of their time in Jira, so it's a good place to catch their attention when you want something like a security issue fixed.
β οΈ Warning: We only recommend connecting using an "integration user" (a user that has the minimum permissions, only to be used for the Jira -> Intruder
integration)
Connect your Jira instance to IntruderΒ
To connect Intruder to your Atlassian Jira account, the Integrations Page in the Intruder portal and press the green Add button on the Jira tab.
2. Enter the Site URL of your Jira instance (*.atlassian.net or *.jira.com), then enter the Email Address and API Token of a Jira user with appropriate permissions. See the Atlassian docs for more information on how to generate an API token.3. Then click 'Connect Jira' and you're done! π
π¨ Please note that Unassigned Issues must be enabled in your Jira instance for the integration to work.
Manually export issues to Jira
To manually export an Intruder issue to Jira, go to the Issues page, select the issue then the Occurrence, and click
Actions
and then clickSend to
Jira
.
β
βSelect the Jira project you want to export the issue to, then pick the Jira issue type. Click Submit and that issue will be exported to your Jira project.
β
β
π¨ Both custom issue types and default issue types have to include the βsummary
β and βdescription
β fields. All other fields must be non-mandatory. Any deviation from these instructions will cause the integration to fail. β
Automatically create Jira issues for any new security weaknesses
Alternatively, our integration can automatically export all new security weaknesses to Jira as soon as we discover them. This ensures your dev team is always in the loop and notified of any new security problems.
To activate automatic export, select the Jira project you want us to export to and what the Jira issue type for any newly created Jira issues should be.
π¨ By default, we'll only export any new issues that are at least medium severity but you can use the Auto-create issues options to adjust that. You can also find a 'Test Integration' button here which will create a test issue in your Jira environment to check that the integration is working as expected and the option to send Certificate Expiry issues to Jira.
We also have the option to create issues in Jira for any certificate expiry issues such as when an SSL Certificate has less than 21 days until expiry. If you want to enable these alerts, you can do so by adding in the Project and Issue Type in the boxes under the 'Certificate Expiry Issues' title.
Note: If you're using the Jira on-premise solution, we recommend you segment it from the Internet using a Firewall but allow inbound traffic from the Intruder portal (portal.intruder.io or 35.189.67.245) in order for the exports to work.
How the issue is displayed in Jira
Once exported to Jira the issue will be added to your backlog either as a Task or Epic as selected when manually exported or when set up to auto-export. The Jira ticket will include a description of the issue, remediation advice, occurrences, and a txt export of the raw scanner output to help you find, examine and fix the vulnerability.
Note: Jira integration is currently only available for customers on our Pro, Premium and Vanguard plans.